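def setup():
    """Entry point for the rule-receiving daemon (RuleRcvD).

    Parses the command line, configures logging, starts the ``MsgOnInsert``
    watcher thread (which is handed the sqlite file, the named pipe and the
    ``taxii_services_inboxmessage`` table to watch), then runs Django's
    ``runsslserver`` command that receives the FASGuard/STIX messages from
    the ASG.  ``execute_from_command_line`` blocks for the lifetime of the
    server; the watcher is told to stop when it returns or raises.

    Command line:
        -d/--debug       enable debug logging
        -p/--properties  properties file (default ``rrd.properties``)

    Raises:
        KeyError: if the ``YETIPATH`` environment variable is not set.
        ValueError: if ``RuleRcvD.DBWatchSleepS`` is not an integer.
    """
    parser = argparse.ArgumentParser(
        description='Watches for FASGuard/STIX message from the ASG, '
                    'stores it in sqlite DB and sends signal to Suricata reloader')
    parser.add_argument('-d', '--debug', required=False, action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p', '--properties', type=str, required=False,
                        default='rrd.properties', help='properties file')
    args = parser.parse_args()

    FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    # FORMAT was defined but a duplicate literal was passed to the Formatter;
    # use the single definition.
    ch.setFormatter(logging.Formatter(FORMAT))
    logger.addHandler(ch)
    # Was an unconditional ``print`` to stdout; route it through the logger
    # so it respects the configured level.
    logger.debug('logging level: %s', logging.getLevelName(logging_level))

    properties = EnvProperties(args.properties)
    incoming_port = properties.getProperty('RuleRcvD.IncomingPort')
    sleep_sec = int(properties.getProperty('RuleRcvD.DBWatchSleepS'))
    named_pipe = properties.getProperty('RuleRcvD.NamedPipe')
    db_file = properties.getProperty('RuleRcvD.DbFile')

    # Fail early with the variable named instead of a bare KeyError from the
    # path building below.
    try:
        yeti_path = os.environ['YETIPATH']
    except KeyError:
        raise KeyError('YETIPATH environment variable must be set')

    # NOTE(review): opening a FIFO with 'w+' may block until a reader attaches
    # on some platforms -- confirm the reloader opens its end first.  The
    # handle is owned by the watcher thread, so it is deliberately not closed
    # here; it is released when the process exits.
    p_fh = open(named_pipe, 'w+')

    # Watch for new insertions into the database made by django.
    moi = MsgOnInsert(os.path.join(yeti_path, db_file), p_fh,
                      'taxii_services_inboxmessage', sleep_sec)
    thread.start_new_thread(moi.moiThread, ())
    try:
        sys.path.append(yeti_path)
        os.environ.setdefault("DJANGO_SETTINGS_MODULE", "yeti.settingsRules")
        # 0.0.0.0 exposes the TAXII inbox on every interface; rely on host
        # firewalling / network segmentation to limit who can reach it.
        exec_args = [os.path.join(yeti_path, 'manage.py'), 'runsslserver',
                     '--addrport', '0.0.0.0:' + incoming_port]
        execute_from_command_line(exec_args)  # blocks until the server stops
    finally:
        # Previously only reached on a clean return; now the watcher is also
        # told to stop when the server exits by raising (e.g. SystemExit).
        moi.loopFlag = False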
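def setup():
    """Entry point for the attack-receiving daemon (AttackRcvD).

    Parses the command line, configures logging, starts the ``MsgOnInsert``
    watcher thread (which is handed ``$YETIPATH/sqlite3.db``, the named pipe
    and the ``taxii_services_inboxmessage`` table to watch), then runs
    Django's ``runsslserver`` command that receives the attack STIX messages
    from the anomaly detector.  ``execute_from_command_line`` blocks for the
    lifetime of the server; the watcher is told to stop when it returns or
    raises.

    Command line:
        -d/--debug       enable debug logging
        -p/--properties  properties file (default ``ard.properties``)

    Raises:
        KeyError: if the ``YETIPATH`` environment variable is not set.
        ValueError: if ``AttackRcvD.DBWatchSleepS`` is not an integer.
    """
    parser = argparse.ArgumentParser(
        description="Watches for attack STIX message from anomaly detector, "
                    "stores it in sqlite DB and sends signal to ASG"
    )
    parser.add_argument("-d", "--debug", required=False, action="store_true", help="run with debug logging")
    parser.add_argument(
        "-p", "--properties", type=str, required=False, default="ard.properties", help="properties file"
    )
    args = parser.parse_args()

    FORMAT = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger("simple_example")
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    # FORMAT was defined but a duplicate literal was passed to the Formatter;
    # use the single definition.
    ch.setFormatter(logging.Formatter(FORMAT))
    logger.addHandler(ch)
    # Was an unconditional ``print`` to stdout; route it through the logger
    # so it respects the configured level.
    logger.debug("logging level: %s", logging.getLevelName(logging_level))

    properties = EnvProperties(args.properties)
    incoming_port = properties.getProperty("AttackRcvD.IncomingPort")
    sleep_sec = int(properties.getProperty("AttackRcvD.DBWatchSleepS"))
    named_pipe = properties.getProperty("AttackRcvD.NamedPipe")

    # Fail early with the variable named instead of a bare KeyError from the
    # path building below.
    try:
        yeti_path = os.environ["YETIPATH"]
    except KeyError:
        raise KeyError("YETIPATH environment variable must be set")

    # NOTE(review): opening a FIFO with "w+" may block until a reader attaches
    # on some platforms -- confirm the consumer opens its end first.  The
    # handle is owned by the watcher thread, so it is deliberately not closed
    # here; it is released when the process exits.
    p_fh = open(named_pipe, "w+")

    # Watch for new insertions into the database made by django.
    moi = MsgOnInsert(os.path.join(yeti_path, "sqlite3.db"), p_fh, "taxii_services_inboxmessage", sleep_sec)
    thread.start_new_thread(moi.moiThread, ())
    try:
        sys.path.append(yeti_path)
        os.environ.setdefault("DJANGO_SETTINGS_MODULE", "yeti.settings")
        # 0.0.0.0 exposes the TAXII inbox on every interface; rely on host
        # firewalling / network segmentation to limit who can reach it.
        exec_args = [os.path.join(yeti_path, "manage.py"), "runsslserver", "--addrport", "0.0.0.0:" + incoming_port]
        execute_from_command_line(exec_args)  # blocks until the server stops
    finally:
        # Previously only reached on a clean return; now the watcher is also
        # told to stop when the server exits by raising (e.g. SystemExit).
        moi.loopFlag = False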
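def setup():
    """Entry point for the attack-transmit daemon (AttackXmitD).

    Parses the command line, configures logging, reads
    ``AttackXmitD.AttackFileDir`` from the properties file and hands it,
    together with the properties object, to ``WatchAndXmit`` whose
    ``startLoop`` presumably runs until the process is stopped.

    Command line:
        -d/--debug       enable debug logging
        -p/--properties  properties file (default ``axd.properties``)
    """
    parser = argparse.ArgumentParser(
        description='Watches for attack file from anomaly detector '
                    'and transmists it via TAXII')
    parser.add_argument('-d', '--debug', required=False, action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p', '--properties', type=str, required=False,
                        default='axd.properties', help='properties file')
    args = parser.parse_args()

    FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    # FORMAT was defined but a duplicate literal was passed to the Formatter;
    # use the single definition.
    ch.setFormatter(logging.Formatter(FORMAT))
    logger.addHandler(ch)
    # Was an unconditional ``print`` to stdout; route it through the logger
    # so it respects the configured level.
    logger.debug('logging level: %s', logging.getLevelName(logging_level))

    properties = EnvProperties(args.properties)
    # Directory that WatchAndXmit watches for new attack files.
    atk_file_dir = properties.getProperty('AttackXmitD.AttackFileDir')
    logger.debug('Attack File Dir: %s', atk_file_dir)

    watch_and_xmit = WatchAndXmit(atk_file_dir, properties)
    watch_and_xmit.startLoop()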
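def setup():
    """Entry point for the rule-injection daemon.

    Parses the command line, configures logging, locates a running Snort or
    Suricata instance, then loops on ``StixFromDb.processStix()``: each time
    it reports a new STIX document, the XML at ``StixFromDb.StixXmlFilename``
    is parsed with ``FASGuardStixRule`` and any extracted rules are handed
    to ``ids.updateRules``.

    Command line:
        -d/--debug       enable debug logging
        -p/--properties  properties file (default ``rinject.properties``)
        -c/--config      IDS configuration file, passed to
                         ``IPS.SnortOrSuricata`` (``None`` when omitted)

    Raises:
        RuntimeError: if no Snort/Suricata instance could be identified
            (an ``Exception`` subclass, so existing ``except Exception``
            handlers still apply).
    """
    parser = argparse.ArgumentParser(
        description='Receives Snort rules in STIX transmission and injects '
                    'them into a running Snort or Suricata instance')
    parser.add_argument('-d', '--debug', required=False, action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p', '--properties', type=str, required=False,
                        default='rinject.properties', help='properties file')
    parser.add_argument('-c', '--config', type=str, required=False,
                        help='Configuration file of IDS instance to inject rules into')
    args = parser.parse_args()
    # Bug fix: ``config`` was hard-coded to ``None`` so ``--config`` was
    # parsed but silently ignored.
    config = args.config

    FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    # FORMAT was defined but a duplicate literal was passed to the Formatter;
    # use the single definition.
    ch.setFormatter(logging.Formatter(FORMAT))
    logger.addHandler(ch)
    # Was an unconditional ``print`` to stdout; route it through the logger
    # so it respects the configured level.
    logger.debug('logging level: %s', logging.getLevelName(logging_level))

    properties = EnvProperties(args.properties)

    # Snort or Suricata?
    ids = IPS.SnortOrSuricata(config)
    if not ids:
        raise RuntimeError('Could not identify an instance of Snort or Suricata to work with')

    # Connect to database
    stx_frm_db = StixFromDb(properties)
    logger.debug('Created StixFromDb')
    stix_xml_filename = properties.getProperty('StixFromDb.StixXmlFilename')

    # Continuous loop.  The STIX document presumably arrived over TAXII from
    # a remote peer, so parseXML/updateRules are where its contents have to
    # be validated before they reach the live IDS rule set.
    while stx_frm_db.processStix():
        # ``with`` guarantees the handle is closed even if read() raises.
        with open(stix_xml_filename, 'r') as fh:
            xml = fh.read()
        fsr = FASGuardStixRule()
        fsr.parseXML(xml)
        if fsr.ruleList is not None:
            ids.updateRules(fsr.ruleList)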
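def setup():
    """Entry point for the attack-transmit daemon (AttackXmitD).

    Parses the command line, configures logging, reads
    ``AttackXmitD.AttackFileDir`` from the properties file and hands it,
    together with the properties object, to ``WatchAndXmit`` whose
    ``startLoop`` presumably runs until the process is stopped.

    Command line:
        -d/--debug       enable debug logging
        -p/--properties  properties file (default ``axd.properties``)
    """
    parser = argparse.ArgumentParser(
        description='Watches for attack file from anomaly detector '
                    'and transmists it via TAXII')
    parser.add_argument('-d', '--debug', required=False, action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p', '--properties', type=str, required=False,
                        default='axd.properties', help='properties file')
    args = parser.parse_args()

    FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    # FORMAT was defined but a duplicate literal was passed to the Formatter;
    # use the single definition.
    ch.setFormatter(logging.Formatter(FORMAT))
    logger.addHandler(ch)
    # Was an unconditional ``print`` to stdout; route it through the logger
    # so it respects the configured level.
    logger.debug('logging level: %s', logging.getLevelName(logging_level))

    properties = EnvProperties(args.properties)
    # Directory that WatchAndXmit watches for new attack files.
    atk_file_dir = properties.getProperty('AttackXmitD.AttackFileDir')
    logger.debug('Attack File Dir: %s', atk_file_dir)

    watch_and_xmit = WatchAndXmit(atk_file_dir, properties)
    watch_and_xmit.startLoop()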
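def setup():
    """Entry point for the rule-transmit daemon (RuleXmitD).

    Parses the command line, configures logging, reads
    ``RuleXmitD.RuleFileDir`` from the properties file and hands it,
    together with the properties object, to ``WatchAndXmit`` whose
    ``startLoop`` presumably runs until the process is stopped.

    Command line:
        -d/--debug       enable debug logging
        -p/--properties  properties file (default ``rxd.properties``)
    """
    parser = argparse.ArgumentParser(description="Watches for rule file from ASG " + "and transmists it via TAXII")
    parser.add_argument("-d", "--debug", required=False, action="store_true", help="run with debug logging")
    parser.add_argument(
        "-p", "--properties", type=str, required=False, default="rxd.properties", help="properties file"
    )
    args = parser.parse_args()

    FORMAT = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger("simple_example")
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    # FORMAT was defined but a duplicate literal was passed to the Formatter;
    # use the single definition.
    ch.setFormatter(logging.Formatter(FORMAT))
    logger.addHandler(ch)
    # Was an unconditional ``print`` to stdout; route it through the logger
    # so it respects the configured level.
    logger.debug("logging level: %s", logging.getLevelName(logging_level))

    properties = EnvProperties(args.properties)
    # Directory that WatchAndXmit watches for new rule files (the original
    # local was misleadingly named ``atk_file_dir``).
    rule_file_dir = properties.getProperty("RuleXmitD.RuleFileDir")
    logger.debug("Rule File Dir: %s", rule_file_dir)

    watch_and_xmit = WatchAndXmit(rule_file_dir, properties)
    watch_and_xmit.startLoop()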
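def setup():
    """Entry point for the attack-receiving daemon (AttackRcvD).

    Parses the command line, configures logging, starts the ``MsgOnInsert``
    watcher thread (which is handed ``$YETIPATH/sqlite3.db``, the named pipe
    and the ``taxii_services_inboxmessage`` table to watch), then runs
    Django's ``runsslserver`` command that receives the attack STIX messages
    from the anomaly detector.  ``execute_from_command_line`` blocks for the
    lifetime of the server; the watcher is told to stop when it returns or
    raises.

    Command line:
        -d/--debug       enable debug logging
        -p/--properties  properties file (default ``ard.properties``)

    Raises:
        KeyError: if the ``YETIPATH`` environment variable is not set.
        ValueError: if ``AttackRcvD.DBWatchSleepS`` is not an integer.
    """
    parser = argparse.ArgumentParser(
        description='Watches for attack STIX message from anomaly detector, '
                    'stores it in sqlite DB and sends signal to ASG')
    parser.add_argument('-d', '--debug', required=False, action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p', '--properties', type=str, required=False,
                        default='ard.properties', help='properties file')
    args = parser.parse_args()

    FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    # FORMAT was defined but a duplicate literal was passed to the Formatter;
    # use the single definition.
    ch.setFormatter(logging.Formatter(FORMAT))
    logger.addHandler(ch)
    # Was an unconditional ``print`` to stdout; route it through the logger
    # so it respects the configured level.
    logger.debug('logging level: %s', logging.getLevelName(logging_level))

    properties = EnvProperties(args.properties)
    incoming_port = properties.getProperty('AttackRcvD.IncomingPort')
    sleep_sec = int(properties.getProperty('AttackRcvD.DBWatchSleepS'))
    named_pipe = properties.getProperty('AttackRcvD.NamedPipe')

    # Fail early with the variable named instead of a bare KeyError from the
    # path building below.
    try:
        yeti_path = os.environ['YETIPATH']
    except KeyError:
        raise KeyError('YETIPATH environment variable must be set')

    # NOTE(review): opening a FIFO with 'w+' may block until a reader attaches
    # on some platforms -- confirm the consumer opens its end first.  The
    # handle is owned by the watcher thread, so it is deliberately not closed
    # here; it is released when the process exits.
    p_fh = open(named_pipe, 'w+')

    # Watch for new insertions into the database made by django.
    moi = MsgOnInsert(os.path.join(yeti_path, 'sqlite3.db'), p_fh,
                      'taxii_services_inboxmessage', sleep_sec)
    thread.start_new_thread(moi.moiThread, ())
    try:
        sys.path.append(yeti_path)
        os.environ.setdefault("DJANGO_SETTINGS_MODULE", "yeti.settings")
        # 0.0.0.0 exposes the TAXII inbox on every interface; rely on host
        # firewalling / network segmentation to limit who can reach it.
        exec_args = [
            os.path.join(yeti_path, 'manage.py'),
            'runsslserver',
            '--addrport',
            '0.0.0.0:' + incoming_port,
        ]
        execute_from_command_line(exec_args)  # blocks until the server stops
    finally:
        # Previously only reached on a clean return; now the watcher is also
        # told to stop when the server exits by raising (e.g. SystemExit).
        moi.loopFlag = False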